Controllerless Networks

last person joined: an hour ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

Help with new High Density Instant IAP-225 setup

  • 1.  Help with new High Density Instant IAP-225 setup

    Posted Jun 21, 2014 01:04 AM

    Hi everyone,

    We are a technology company who have about 120 people but 200 wireless devices in our head office (as some people have three wirless devices - a laptop, phone and tablet). We originally had a Meraki wireless setup but had very poor performance when more than about 15-20 devices were connected to an access point which included things like frequent drops, inability to reconnect and general poor thorouput. I have since ripped that out and have purchased four IAP-225 access points hoping that it would better handle our density. I can expand that to maybe 6 if necessary but that will involve some work in getting an electrician out to run more ceiling runs of Ethernet etc.

     

    The access points are set up so that at any spot in the long/narrow building you can see 2-3 of them even with the power set as 12 min 18 max - maybe ~30-40 feet apart on average and I have attached the config. We are about 1/4 Mac laptops, 1/4 Windows laptops and 1/2 phones/tables which are 75/25 iOS to Android. We do run MS Lync but have wired Lync phones which handle most of the voip role of that.

     

    Since we put in this setup about a week ago we have seen many issues where the clients drop into a status with an exclamation point and say Limited Connectivity until they manually disconnect and reconnect or they need to turn their wifi off and back on on an iPad to get connectivity back. We have tried various things including disabling OKC, disabling 80 and then even 40 Mhz on the 5Ghz band, turning on/off ClientMatch etc. I just noticed that there was a firmware update though - I had been clicking the button under Maintenance and it said there wasn't but I signed in and got 6.4.0.2-4.1.0.0_44004 yesterday which I've just deployed. I am hoping that helps.

     

    After the firmware update I turned ClientMatch back on because given the long/narrow building I've been seeing that when people leave their desks to go to meeting rooms  they hang on to the access points and suffer poor performance etc.

     

    I guess I am just trying to get a sense of how best to configure these points to get the best results for our ~200 wireless clients. Any advice would be appreciated as I went out on a limb ripping out the Meraki setup (which I had gone out on a limb choosing over controller-less Cisco a year and a half ago) by insisting that an Aruba setup would fix our issues with dropping and poor performance given our high density. For what it's worth most of our offices are only 20-30 people and the Meraki has been fine there - it is just in our device-heavy dense head office it was really crashing and burning.



  • 2.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 21, 2014 01:05 AM

    I thought my config was attached but that doesn't seem to be working. Here it is:

     

    version 6.4.0.0-4.1.0
    virtual-controller-country AU
    virtual-controller-key a4f13610012ea71ab3645937acefd7ae5cc058f16d5c6ee171
    name Sydney-Wireless
    virtual-controller-ip 172.20.23.249
    virtual-controller-vlan 1 255.255.248.0 172.20.19.254
    terminal-access
    ntp-server 172.20.20.140
    clock timezone Sydney 10 00
    rf-band all

    allow-new-aps
    allowed-ap 18:64:72:c8:d8:e2
    allowed-ap 18:64:72:c8:d8:06
    allowed-ap 18:64:72:c8:d8:ae
    allowed-ap 18:64:72:c8:d9:2c

     

    arm
    wide-bands none
    min-tx-power 12
    max-tx-power 18
    band-steering-mode disable
    air-time-fairness-mode preferred-access
    client-aware
    scanning
    client-match
    client-match nb-matching 20
    client-match calc-threshold 1
    client-match calc-interval 10

    rf dot11g-radio-profile
    spectrum-monitor

    rf dot11a-radio-profile
    spectrum-monitor


    syslog-level warn ap-debug
    syslog-level warn network
    syslog-level warn security
    syslog-level warn system
    syslog-level warn user
    syslog-level warn user-debug
    syslog-level warn wireless

     

     


    user Guest 29194ba5b29293dafe3735b8221510ff0ae09aff3a8080db portal


    mgmt-user info 9c445c4072d147cc18ad712fb58e7245e6b0fc054471a157

    wlan access-rule default_wired_port_profile
    index 0
    rule any any match any any any permit

    wlan access-rule wired-instant
    index 1
    rule masterip 0.0.0.0 match tcp 80 80 permit
    rule masterip 0.0.0.0 match tcp 4343 4343 permit
    rule any any match udp 67 68 permit
    rule any any match udp 53 53 permit

    wlan access-rule Infomedia
    index 2
    rule any any match any any any permit

    wlan access-rule InfomediaR
    index 3
    rule any any match any any any permit

    wlan ssid-profile Infomedia
    enable
    index 0
    type employee
    essid Infomedia
    opmode wpa2-aes
    max-authentication-failures 0
    auth-server vm-ifm-dc01
    rf-band all
    captive-portal disable
    dtim-period 1
    inactivity-timeout 1000
    broadcast-filter arp
    dynamic-multicast-optimization
    dmo-channel-utilization-threshold 90
    local-probe-req-thresh 0
    max-clients-threshold 128
    okc-disable

    wlan ssid-profile InfomediaR
    enable
    index 1
    type employee
    essid InfomediaR
    opmode wpa2-aes
    max-authentication-failures 0
    auth-server vm-ifm-dc01
    rf-band all
    captive-portal disable
    dtim-period 1
    inactivity-timeout 1000
    broadcast-filter arp
    dynamic-multicast-optimization
    dmo-channel-utilization-threshold 90
    local-probe-req-thresh 0
    max-clients-threshold 128
    okc-disable
    dot11r
    dot11k

    auth-survivability cache-time-out 24

     

    wlan auth-server vm-ifm-dc01
    ip 172.20.20.140
    port 1812
    acctport 1813
    timeout 30
    retry-count 5
    key 6a7366de1e6cd0a30deefca3423732c9cd00cbbfa4e6e553

    wlan captive-portal
    background-color 13421772
    banner-color 16750848
    banner-text "Welcome to Guest Network"
    terms-of-use "This network is not secure, and use is at your own risk"
    use-policy "Please read terms and conditions before using Guest Network"
    authenticated

    wlan external-captive-portal
    server localhost
    port 80
    url "/"
    auth-text "Authenticated"
    auto-whitelist-disable
    https


    blacklist-time 3600
    auth-failure-blacklist-time 3600

    ids classification

    ids
    wireless-containment none


    wired-port-profile wired-instant
    switchport-mode access
    allowed-vlan all
    native-vlan guest
    no shutdown
    access-rule-name wired-instant
    speed auto
    duplex auto
    no poe
    type guest
    captive-portal disable
    no dot1x

    wired-port-profile default_wired_port_profile
    switchport-mode trunk
    allowed-vlan all
    native-vlan 1
    shutdown
    access-rule-name default_wired_port_profile
    speed auto
    duplex full
    no poe
    type employee
    captive-portal disable
    no dot1x


    enet0-port-profile default_wired_port_profile

    uplink
    preemption
    enforce none
    failover-internet-pkt-lost-cnt 10
    failover-internet-pkt-send-freq 30
    failover-vpn-timeout 180


    airgroup
    disable

    airgroupservice airplay
    disable
    description AirPlay

    airgroupservice airprint
    disable
    description AirPrint



  • 3.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 21, 2014 06:27 AM

    Try turning on "Broadcast Filter ALL" on both of your SSIDs.  If your wired and wireless clients are sharing the same layer-2 VLAN, that would deal with alot of broadcasts that are leaking from the wired network onto the wireless and causing contention.

     

    Start with that.

     



  • 4.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 21, 2014 06:58 AM

    Thanks to you both - I made the two changes you advised. Between those and the new firmware fingers crossed for Monday :)



  • 5.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 21, 2014 07:01 AM

    alwaysanon,

     

    The local probe threshold setting should only be changed if you have problems with roaming.  You should leave that set to zero.  Only change one thing at a time...



  • 6.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 23, 2014 02:13 AM

    Our first day with the new firmware and that broadcast setting looked pretty good. I heard very little complaining and it seemed to hold up well to ~125 wireless clients which ClientMatch balanced pretty evenly across the 4 APs.

     

    This was a bit of a slower day so I'll let you know when we have a day with more devices but so far I am impressed.



  • 7.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 23, 2014 03:54 AM

    alwaysanon,

     

    Did you get a chance to take a look at the Utilization during peak times?  Please take a look at the link here for some statistics that you can take a look at in an IAP: http://www.arubanetworks.com/techdocs/Instant_40_WebHelp/InstantWebHelp.htm#UG_files/Instant_user_interface/Monitoring.htm

     



  • 8.  RE: Help with new High Density Instant IAP-225 setup

    Posted Jun 21, 2014 01:17 AM
    I would look at setting the local probe request threshold to 25 and perhaps 30 if there's no improvement after that.